Added rights management + user edit

This commit is contained in:
NGPixel 2017-01-27 19:12:25 -05:00
parent f8161f2e7a
commit 7dfd5a041a
7 changed files with 75 additions and 15 deletions

3
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,3 @@
{
"eslint.enable": false
}

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -17,14 +17,38 @@ if($('#page-type-admin-users').length) {
},
methods: {
addRightsRow: (ev) => {
vueEditUser.rights.push({});
vueEditUser.rights.push({
role: 'write',
path: '/',
exact: false,
deny: false
});
},
removeRightsRow: (ev) => {
removeRightsRow: (idx) => {
_.pullAt(vueEditUser.rights, idx)
vueEditUser.$forceUpdate()
},
saveUser: (ev) => {
let formattedRights = _.cloneDeep(vueEditUser.rights)
switch(vueEditUser.roleoverride) {
case 'admin':
formattedRights.push({
role: 'admin',
path: '/',
exact: false,
deny: false
})
break;
}
$.post(window.location.href, {
password: vueEditUser.password,
name: vueEditUser.name,
rights: JSON.stringify(formattedRights)
}).done((resp) => {
alerts.pushSuccess('Saved successfully', 'Changes have been applied.');
}).fail((jqXHR, txtStatus, resp) => {
alerts.pushError('Error', resp);
})
}
},
created: function() {
@ -33,8 +57,6 @@ if($('#page-type-admin-users').length) {
this.email = usrData.email;
this.name = usrData.name;
console.log(_.find(usrData.rights, { role: 'admin' }));
if(_.find(usrData.rights, { role: 'admin' })) {
this.rights = _.reject(usrData.rights, ['role', 'admin']);
this.roleoverride = 'admin';

View File

@ -4,6 +4,7 @@ var express = require('express');
var router = express.Router();
const Promise = require('bluebird');
const validator = require('validator');
const _ = require('lodash');
/**
* Admin
@ -85,6 +86,40 @@ router.get('/users/:id', (req, res) => {
});
router.post('/users/:id', (req, res) => {
if(!res.locals.rights.manage) {
return res.status(401).json({ msg: 'Unauthorized' });
}
if(!validator.isMongoId(req.params.id)) {
return res.status(400).json({ msg: 'Invalid User ID' });
}
return db.User.findById(req.params.id).then((usr) => {
usr.name = _.trim(req.body.name);
usr.rights = JSON.parse(req.body.rights);
if(usr.provider === 'local' && req.body.password !== '********') {
let nPwd = _.trim(req.body.password);
if(nPwd.length < 6) {
return Promise.reject(new Error('New Password too short!'))
} else {
return db.User.hashPassword(nPwd).then((pwd) => {
usr.password = pwd;
return usr.save();
});
}
} else {
return usr.save();
}
}).then(() => {
return res.json({ msg: 'OK' });
}).catch((err) => {
res.status(400).json({ msg: err.message });
})
});
router.get('/settings', (req, res) => {
if(!res.locals.rights.manage) {

View File

@ -2,8 +2,8 @@
ul
template(v-for="aItem in children", track-by='_uid')
li(v-bind:class='aItem.class')
button.delete(v-on:click='acknowledge(aItem._uid)')
h3 {{ aItem.title }}
button(v-on:click='acknowledge(aItem._uid)')
strong {{ aItem.title }}
span {{ aItem.message }}
if appflash.length > 0

View File

@ -64,10 +64,10 @@ block adminContent
th(style={width: '150px'}) Access
th(style={width: '50px'})
tbody
tr(v-for='right in rights', v-cloak)
tr(v-for='(right, idx) in rights', v-cloak)
td.is-icon
i.icon-marquee-plus.is-green(v-if='!right.deny')
i.icon-marquee-minus.is-red(v-if='right.deny')
i.icon-marquee-plus.is-green(v-if='right.deny === false || right.deny === "false"')
i.icon-marquee-minus.is-red(v-if='right.deny === true || right.deny === "true"')
td
p.control.is-fullwidth
select(v-model='right.role')
@ -89,7 +89,7 @@ block adminContent
option(value='false') Allow
option(value='true') Deny
td.is-centered.has-action-icons
i.icon-delete.is-red(v-on:click='removeRightsRow(right._id)')
i.icon-delete.is-red(v-on:click='removeRightsRow(idx)')
tr(v-if='rights.length < 1', v-cloak)
td.is-icon
td.is-centered(colspan='3'): em No additional access rights